/** * Returns whether the currently logged in user is an administrator * * @return bool true if the user is an admin */ private function isAdmin() { $user = $this->userSession->getUser(); if ($user !== null) { return $this->groupManager->isAdmin($user->getUID()); } return false; }
/** * returns an array of users in the group specified * * @param array $parameters * @return OC_OCS_Result */ public function getGroup($parameters) { // Check if user is logged in $user = $this->userSession->getUser(); if ($user === null) { return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); } $groupId = $parameters['groupid']; // Check the group exists if (!$this->groupManager->groupExists($groupId)) { return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found'); } $isSubadminOfGroup = false; $group = $this->groupManager->get($groupId); if ($group !== null) { $isSubadminOfGroup = $this->groupManager->getSubAdmin()->isSubAdminofGroup($user, $group); } // Check subadmin has access to this group if ($this->groupManager->isAdmin($user->getUID()) || $isSubadminOfGroup) { $users = $this->groupManager->get($groupId)->getUsers(); $users = array_map(function ($user) { /** @var IUser $user */ return $user->getUID(); }, $users); $users = array_values($users); return new OC_OCS_Result(['users' => $users]); } else { return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED, 'User does not have access to specified group'); } }
/** * Creates a new tag * * @param string $data JSON encoded string containing the properties of the tag to create * @param string $contentType content type of the data * @return ISystemTag newly created system tag * * @throws BadRequest if a field was missing * @throws Conflict if a tag with the same properties already exists * @throws UnsupportedMediaType if the content type is not supported */ private function createTag($data, $contentType = 'application/json') { if (explode(';', $contentType)[0] === 'application/json') { $data = json_decode($data, true); } else { throw new UnsupportedMediaType(); } if (!isset($data['name'])) { throw new BadRequest('Missing "name" attribute'); } $tagName = $data['name']; $userVisible = true; $userAssignable = true; if (isset($data['userVisible'])) { $userVisible = (bool) $data['userVisible']; } if (isset($data['userAssignable'])) { $userAssignable = (bool) $data['userAssignable']; } if ($userVisible === false || $userAssignable === false) { if (!$this->userSession->isLoggedIn() || !$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) { throw new BadRequest('Not sufficient permissions'); } } try { return $this->tagManager->createTag($tagName, $userVisible, $userAssignable); } catch (TagAlreadyExistsException $e) { throw new Conflict('Tag already exists', 0, $e); } }
/** * {@inheritdoc} */ public function canUserSeeTag(ISystemTag $tag, IUser $user) { if ($tag->isUserVisible()) { return true; } if ($this->groupManager->isAdmin($user->getUID())) { return true; } return false; }
/** * Set the displayName of a user * * @NoAdminRequired * @NoSubadminRequired * * @param string $username * @param string $displayName * @return DataResponse */ public function setDisplayName($username, $displayName) { $currentUser = $this->userSession->getUser(); if ($username === null) { $username = $currentUser->getUID(); } $user = $this->userManager->get($username); if ($user === null || !$user->canChangeDisplayName() || !$this->groupManager->isAdmin($currentUser->getUID()) && !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) && $currentUser !== $user) { return new DataResponse(['status' => 'error', 'data' => ['message' => $this->l10n->t('Authentication error')]]); } if ($user->setDisplayName($displayName)) { return new DataResponse(['status' => 'success', 'data' => ['message' => $this->l10n->t('Your full name has been changed.'), 'username' => $username, 'displayName' => $displayName]]); } else { return new DataResponse(['status' => 'error', 'data' => ['message' => $this->l10n->t('Unable to change full name'), 'displayName' => $user->getDisplayName()]]); } }
/** * checks if a user is a accessible by a subadmin * @param IUser $subadmin * @param IUser $user * @return bool */ public function isUserAccessible($subadmin, $user) { if (!$this->isSubAdmin($subadmin)) { return false; } if ($this->groupManager->isAdmin($user->getUID())) { return false; } $accessibleGroups = $this->getSubAdminsGroups($subadmin); foreach ($accessibleGroups as $accessibleGroup) { if ($accessibleGroup->inGroup($user)) { return true; } } return false; }
/** * @param array $parameters * @return OC_OCS_Result */ public function removeFromGroup($parameters) { // Check if user is logged in $loggedInUser = $this->userSession->getUser(); if ($loggedInUser === null) { return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); } $group = !empty($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null; if ($group === null) { return new OC_OCS_Result(null, 101); } $group = $this->groupManager->get($group); if ($group === null) { return new OC_OCS_Result(null, 102); } $targetUser = $this->userManager->get($parameters['userid']); if ($targetUser === null) { return new OC_OCS_Result(null, 103); } // If they're not an admin, check they are a subadmin of the group in question $subAdminManager = $this->groupManager->getSubAdmin(); if (!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminofGroup($loggedInUser, $group)) { return new OC_OCS_Result(null, 104); } // Check they aren't removing themselves from 'admin' or their 'subadmin; group if ($parameters['userid'] === $loggedInUser->getUID()) { if ($this->groupManager->isAdmin($loggedInUser->getUID())) { if ($group->getGID() === 'admin') { return new OC_OCS_Result(null, 105, 'Cannot remove yourself from the admin group'); } } else { // Not an admin, check they are not removing themself from their subadmin group $subAdminGroups = $subAdminManager->getSubAdminsGroups($loggedInUser); foreach ($subAdminGroups as $key => $group) { $subAdminGroups[$key] = $group->getGID(); } if (in_array($group->getGID(), $subAdminGroups, true)) { return new OC_OCS_Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin'); } } } // Remove user from group $group->removeUser($targetUser); return new OC_OCS_Result(null, 100); }
/** * Updates tag attributes * * @param string $path * @param PropPatch $propPatch * * @return void */ public function handleUpdateProperties($path, PropPatch $propPatch) { $propPatch->handle([self::DISPLAYNAME_PROPERTYNAME, self::USERVISIBLE_PROPERTYNAME, self::USERASSIGNABLE_PROPERTYNAME, self::GROUPS_PROPERTYNAME], function ($props) use($path) { $node = $this->server->tree->getNodeForPath($path); if (!$node instanceof SystemTagNode) { return; } $tag = $node->getSystemTag(); $name = $tag->getName(); $userVisible = $tag->isUserVisible(); $userAssignable = $tag->isUserAssignable(); $updateTag = false; if (isset($props[self::DISPLAYNAME_PROPERTYNAME])) { $name = $props[self::DISPLAYNAME_PROPERTYNAME]; $updateTag = true; } if (isset($props[self::USERVISIBLE_PROPERTYNAME])) { $propValue = $props[self::USERVISIBLE_PROPERTYNAME]; $userVisible = $propValue !== 'false' && $propValue !== '0'; $updateTag = true; } if (isset($props[self::USERASSIGNABLE_PROPERTYNAME])) { $propValue = $props[self::USERASSIGNABLE_PROPERTYNAME]; $userAssignable = $propValue !== 'false' && $propValue !== '0'; $updateTag = true; } if (isset($props[self::GROUPS_PROPERTYNAME])) { if (!$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) { // property only available for admins throw new Forbidden(); } $propValue = $props[self::GROUPS_PROPERTYNAME]; $groupIds = explode('|', $propValue); $this->tagManager->setTagGroups($tag, $groupIds); } if ($updateTag) { $node->update($name, $userVisible, $userAssignable); } return true; }); }
/** * @param array $parameters * @return OC_OCS_Result */ public function getUsersGroups($parameters) { // Check if user is logged in $user = $this->userSession->getUser(); if ($user === null) { return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); } if ($parameters['userid'] === $user->getUID() || $this->groupManager->isAdmin($user->getUID())) { // Self lookup or admin lookup return new OC_OCS_Result(['groups' => $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid']))]); } else { // Looking up someone else if (OC_SubAdmin::isUserAccessible($user->getUID(), $parameters['userid'])) { // Return the group that the method caller is subadmin of for the user in question $groups = array_intersect(OC_SubAdmin::getSubAdminsGroups($user->getUID()), $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid']))); return new OC_OCS_Result(array('groups' => $groups)); } else { // Not permitted return new OC_OCS_Result(null, 997); } } }
/** * @param MapperEvent $event */ public function mapperEvent(MapperEvent $event) { $tagIds = $event->getTags(); if ($event->getObjectType() !== 'files' || empty($tagIds) || !in_array($event->getEvent(), [MapperEvent::EVENT_ASSIGN, MapperEvent::EVENT_UNASSIGN]) || !$this->appManager->isInstalled('activity')) { // System tags not for files, no tags, not (un-)assigning or no activity-app enabled (save the energy) return; } try { $tags = $this->tagManager->getTagsByIds($tagIds); } catch (TagNotFoundException $e) { // User assigned/unassigned a non-existing tag, ignore... return; } if (empty($tags)) { return; } // Get all mount point owners $cache = $this->mountCollection->getMountCache(); $mounts = $cache->getMountsForFileId($event->getObjectId()); if (empty($mounts)) { return; } $users = []; foreach ($mounts as $mount) { $owner = $mount->getUser()->getUID(); $ownerFolder = $this->rootFolder->getUserFolder($owner); $nodes = $ownerFolder->getById($event->getObjectId()); if (!empty($nodes)) { /** @var Node $node */ $node = array_shift($nodes); $path = $node->getPath(); if (strpos($path, '/' . $owner . '/files/') === 0) { $path = substr($path, strlen('/' . $owner . '/files')); } // Get all users that have access to the mount point $users = array_merge($users, Share::getUsersSharingFile($path, $owner, true, true)); } } $actor = $this->session->getUser(); if ($actor instanceof IUser) { $actor = $actor->getUID(); } else { $actor = ''; } $activity = $this->activityManager->generateEvent(); $activity->setApp(Extension::APP_NAME)->setType(Extension::APP_NAME)->setAuthor($actor)->setObject($event->getObjectType(), $event->getObjectId()); foreach ($users as $user => $path) { $activity->setAffectedUser($user); foreach ($tags as $tag) { // don't publish activity for non-admins if tag is invisible if (!$tag->isUserVisible() && !$this->groupManager->isAdmin($user)) { continue; } if ($event->getEvent() === MapperEvent::EVENT_ASSIGN) { $activity->setSubject(Extension::ASSIGN_TAG, [$actor, $path, $this->prepareTagAsParameter($tag)]); } else { if ($event->getEvent() === MapperEvent::EVENT_UNASSIGN) { $activity->setSubject(Extension::UNASSIGN_TAG, [$actor, $path, $this->prepareTagAsParameter($tag)]); } } $this->activityManager->publish($activity); } } }
/** * @NoAdminRequired * @NoCSRFRequired * * @return TemplateResponse */ public function index() { return new TemplateResponse('announcementcenter', 'main', ['is_admin' => $this->groupManager->isAdmin($this->userId)]); }